‘Did you have the power to notify Rules for news portals, OTT services?’
On Monday, the committee grilled MeitY and MIB officials, who were led by their respective secretaries Ajay Prakash Sawhney and Amit Khare, over the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 that were notified by the Centre on February 25. These Rules lay down the guidelines that intermediaries, social media platforms, digital news publishers and streaming services have to now follow in India.
At least two members, including chairperson Tharoor and Congress’s Karti P Chidambaram, asked MeitY officials about which act allowed them to frame rules to govern OTT platforms such as Netflix and Amazon Prime, and digital news publishers. It is understood that Sawhney said the IT ministry is granted such powers under Section 69A of the Information Technology Act, 2000.
The new Rules have been notified under Section 87(2)(z) and (zg) of the IT Act which give the central government the power to lay down the procedures and safeguards for blocking for access by the public under Section 69A and guidelines that need to be observed by intermediaries under Section 79.
Under Section 69A, the government, in 2009, had notified the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules. It is under these Rules that the central government has, in the past, instructed social media platforms such as Facebook, Twitter, Google and YouTube to take down content or block access to it. While Section 69A only applies to intermediaries, the 2009 Blocking Rules allow the designated officer to “identify the person or intermediary” who has hosted the problematic information. Legal experts differ on whether Section 69A and the Blocking Rules can be used to govern news portals and OTT platforms, which are not intermediaries.
According to the IT Act, an intermediary refers to “any person who on behalf of another person receives, stores or transmits that [electronic] record or provides any service with respect to that [electronic] record”. This includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payments sites, online auction sites, online marketplaces and cyber cafes, as per the Act. News portals and streaming services are not included.
It is understood that the members also questioned the government officials on why the Oversight Mechanism of the three-tier grievance redressal mechanism, instituted to address complaints against digital news publishers and OTT platforms, was populated only with bureaucrats from the executive. Members also quizzed the government officials over whether or not stakeholders had been consulted before notification of the Rules. In the Demand for Grants report for MIB that the Committee presented to the Parliament on March 10, the Committee stated that MIB said it had held consultations with OTT platforms in Mumbai, Chennai and Delhi between October 2019 and March 2020.
As per this report, the MIB had previously told the Committee that all sectors and the Central Board of Film Certification had asked for a level-playing field between different platforms. When Vani Tripathi Tikoo, a CBFC member, had deposed before the Committee in February 2021, she had also argued in favour of levelling the playing field between movies released in theatres and those released on streaming platforms.
In addition to a level-playing field, the MIB had also said that concerns had been raised by parents and guardians over adult and violent content on OTT platforms.
‘Will end-to-end encryption be affected?’ ask Committee Members
At least two members also asked the IT Ministry officials about the impact of the traceability requirement on end-to-end encrypted messaging services. In response, the officials cited IIT Madras’s Dr V Kamakoti’s proposal to tag every message with the originator’s information as a solution that will enable traceability without undermining end-to-end encryption, Forbes India has learnt. It is understood that the officials also told the members about tracing the originator through a catalogue of hashes. At least one member of the committee stressed that foreign companies must abide by Indian laws, irrespective of what it means for their individual technical architecture.
However, multiple cryptographic experts have told Forbes India that both these solutions break end-to-end encryption.
‘India is equipped to deal with cyber attacks,’ says MeitY
Multiple cybersecurity incidents that have taken place over the last few years in India were discussed, including a study suggesting that a China-linked advanced persistent threat may have been behind the power outage in Mumbai in October 2020. In November 2019, the Department of Atomic Energy and MeitY had deposed before the Committee to brief them on the cyber attack on Kudankulam Nuclear Power Plant, wherein an internet-connected computer, which is not a part of the operational network, had been infected with malware linked to a North Korean threat actor.
Currently, while different states across the country, such as Tamil Nadu and Telangana, have formulated their own cybersecurity policies, the National Cyber Security Strategy (NCSS) is still awaited. It was supposed to be released by March 2020 but got delayed because of the COVID-19 pandemic.
It is not clear who appeared from MHA but Home Secretary Ajay Kumar Bhalla was not there.